Recording/reproduction device, data processing device, and recording/reproduction system

ABSTRACT

A device key  46  is implemented on a drive  4  side. To securely transmit the device key  46  to a host  5,  the device key  46  is encrypted with a bus key. The host  5  side decrypts the device key with the bus key. A medium unique key calculating block  55  calculates a medium unique key with an MKB  12,  a medium ID, and the decrypted device key  46.  When the calculated medium key is a predetermined value, the drive  4  is revoked and the process is stopped. The medium unique key is supplied to an encrypting/decrypting module  54.  A content key is obtained with an encrypted title key  14  and a CCI  15.  With the content key, an encrypted content is decrypted and a content that is recorded is encrypted.

TECHNICAL FIELD

The present invention relates to a recording and reproducing apparatus,a data processing apparatus, and a recording, reproducing, andprocessing system that cause for example a drive connected to a personalcomputer to record an encrypted content to a disc medium loaded into thedrive and to reproduce an encrypted content from a disc medium.

BACKGROUND ART

On one recording medium such as a DVD (Digital Versatile Disc), whichhas been recently developed, a large capacity of data for one movie canbe recorded as digital information. When video information and so forthcan be recorded as digital information, it will become important toprotect copyright of digital information against illegal copies.

In DVD-Video, as a copy protection technology, CSS (Content ScramblingSystem) has been employed. The use of the CSS is permitted for only DVDmediums, not recordable DVDs such as a DVD-R, a DVD-RW, DVD+R, DVD+RW,and so forth due to CSS contract. Thus, the CSS contract does not permitthe user to copy the contents of a DVD-Video disc to a recordable DVD(so-called bit-by-bit copy).

However, there was a serious situation of which the CSS encryptingsystem was broken. Illegal software called “DeCSS” that easily decryptscontents that has been encrypted in accordance with the CSS encryptionsystem and copies the decrypted contents to a hard disk was published onthe Internet. As a background of the advent of “DeCSS”, reproductionsoftware was designed with a CSS decryption key that was notanti-tampered although it was supposed to be anti-tampered. Thereproduction software was reverse-engineered and the encryption key wasdecrypted. As a result, all the CSS algorithm was decrypted.

As a successor of the CSS, CPPM (Content Protection for Pre-RecordedMedia) as a copyright protection technology for DVD-ROMs such as aDVD-Audio disc and CRPM (Content Protection for Recordable Media) as acopyright protection technology for recordable DVDs and memory cardshave been proposed. In these systems, even if there is a problem aboutencryption for contents, storage of management information, and soforth, the systems can be updated. Even if data of a whole disc iscopied, the reproduction can be restricted. A method for protectingcopyright for DVDs is described in the following non-patent related artreference 1. The CRPM is described in the following document distributedby its licenser, 4C Entity, LLC, USA.

“Spreading-out Copyright Protection Space Starting from DVD”, Yamada,Nikkei Electronics, pp. 143-153, 2001. 8. 13.

“Content Protection for Recordable Media Specification DVD Book”,Internet<URL:http://www.4Centrity.com/>

Under a personal computer (hereinafter, sometimes abbreviated as PC)environment, since a PC and a drive are connected with a standardinterface, secret data may be leaked out or tampered at the standardinterface. As a result, there is a risk of which application softwaremay be reverse-engineered and secret information may be stolen ortampered. Such a risk hardly occurs in an electronic apparatus that hasa recording and reproducing apparatus that is integrated thereinto.

When a copyright protection technology is implemented to an applicationprogram that is executed on a PC, to prevent the copyright protectiontechnology from being analyzed, the application program is generallyanti-tampered. However, there is no index that represents the strengthof tamper-resistance. As a result, countermeasures againstreverse-engineering depend on the decision and capability of eachimplementer. As a result, the CSS was broken. With respect to thecopyright protecting technologies CPPM for DVD-ROM and so forth and CRPMfor recordable DVDS, where were proposed as a successor of the CSS, anengineering method that allows a problem about implementation ofsoftware to a PC to be solved has not been proposed.

An object of the present invention is to secure the safety of acopyright protecting technology under the PC environment. In otherwords, an object of the present invention is to provide a recording andreproducing apparatus, a data processing apparatus, and a recording,reproducing, and processing system that prevent a drive that is notvalidly licensed from being produced and that allow it to be securelyrevoked.

DISCLOSURE OF THE INVENTION

A first aspect of the present invention is a recording and reproducingapparatus, comprising:

-   -   at least one of a recording portion for recording encrypted data        to a recording medium having first information that is unique        thereto and a reproducing portion for reproducing encrypted data        recorded on the recording medium;    -   a storing portion for storing second information uniquely        assigned to a valid electronic apparatus or valid application        software; and    -   a connecting portion for mutually authenticating a data        processing apparatus for at least encrypting data or decrypting        encrypted data with a key generated in accordance with both the        first information unique to the recording medium and the second        information stored in the storing portion.

A second aspect of the present invention is a recording and reproducingapparatus,

-   -   wherein the data processing apparatus has a revoke processing        portion for performing revocation with at least the second        information stored in the storing portion and the first        information unique to the recording medium when the second        information stored in the storing portion is not information        unique to a valid electronic apparatus or valid application        software, and    -   wherein the connecting portion is configured to send the second        information stored in the storing portion to the data processing        apparatus.

A third aspect of the present invention is a recording and reproducingapparatus, further comprising:

-   -   a revoke processing portion for performing revocation with the        second information stored in the storing portion and the first        information unique to the recording medium when the second        information stored in the storing portion is not information        unique to a valid electronic apparatus or valid application        software.

A fourth aspect of the present invention is a recording and reproducingapparatus, comprising:

-   -   at least one of a recording portion for recording encrypted data        to a recording medium having first information that is unique        thereto and a reproducing portion for reproducing encrypted data        recorded on the recording medium;    -   a storing portion for storing second information uniquely        assigned to a valid electronic apparatus or valid application        software;    -   a connecting portion for mutually authenticating a data        processing apparatus for at least encrypting data or decrypting        encrypted data with a key generated in accordance with both the        first information unique to the recording medium and the second        information stored in the storing portion; and    -   a revoke processing portion for performing revocation with the        second information sent from the data processing apparatus        through at least the connecting portion and stored in the        storing portion and the first information unique to the        recording medium when the second information stored in the        storing portion is not information unique to a valid electronic        apparatus or valid application software.

A fifth aspect of the present invention is a data processing apparatus,comprising:

-   -   a connecting portion for mutually authenticating a recording and        reproducing apparatus for at least recording encrypted data to a        recording medium having second information uniquely assigned to        only a valid electronic apparatus or valid application software        and first information unique thereto or reproducing encrypted        data therefrom; and    -   a processing portion for at least encrypting data or decrypting        encrypted data with a key generated in accordance with both the        first information unique to the recording medium and sent from        the recording and reproducing apparatus through the connecting        portion and the second information unique to the electronic        apparatus or application software.

A sixth aspect of the present invention is a data processing apparatus,

-   -   wherein the data processing apparatus has a revoke processing        portion for performing revocation with both the second        information sent from the recording and reproducing apparatus        through the connecting portion and the first information unique        to the recording medium when the second information is not        information unique to a valid electronic apparatus or valid        application software.

A seventh aspect of the present invention is a data processingapparatus,

-   -   wherein the data processing apparatus is connected to the        recording and reproducing apparatus that has a revoke processing        portion for performing revocation with both the second        information stored in at least the recording and reproducing        apparatus and the first information unique to the recording        medium when the stored second information is not information        unique to a valid electronic apparatus or valid application        software.

An eighth aspect of the present invention is a data processingapparatus, comprising:

-   -   a storing portion for storing second information uniquely        assigned to only a valid electronic apparatus;    -   a connecting portion for mutually authenticating a recording and        reproducing apparatus for at least recording encrypted data to a        recording medium having first information unique thereto and        reproducing encrypted data recorded on the recording medium; and    -   a processing portion for at least encrypting data or decrypting        encrypted data with a key generated in accordance with both the        first information unique to the recording medium and the second        information stored in the storing portion,    -   wherein the second information stored in the storing portion is        sent to the recording and reproducing apparatus that has a        revoke processing portion for performing revocation when the        second information stored in the storing portion is not        information unique to a valid electronic apparatus or valid        application software.

A ninth aspect of the present invention is a recording, reproducing, andprocessing system, comprising:

-   -   a recording and reproducing apparatus for at least recording        encrypted data to a recording medium having first information        that is unique thereto or reproducing encrypted data recorded on        the recording medium, the recording and reproducing apparatus        having second information uniquely assigned to a valid        electronic apparatus or valid application software; and    -   a data processing apparatus for at least encrypting data or        decrypting encrypted data with a key generated in accordance        with both the second information at least stored in the        recording and reproducing apparatus and the first information        unique to the recording medium.

A tenth aspect of the present invention is a recording, reproducing, andprocessing system,

-   -   wherein the data processing apparatus has a revoke processing        portion for performing revocation with the first information        unique to the recording medium and the second information stored        in the data processing apparatus when the second information        stored therein is not information that is unique to a valid        electronic apparatus or valid application software.

An eleventh aspect of the present invention is a recording, reproducing,and processing system,

-   -   wherein the recording and reproducing apparatus has a revoke        processing portion for performing revocation with the first        information unique to the recording medium and the second        information stored in the data processing apparatus when the        stored second information is not information that is unique to a        valid electronic apparatus or valid application software.

A twelfth aspect of the present invention is a recording, reproducing,and processing system, comprising:

-   -   a recording and reproducing apparatus for storing second        information uniquely assigned to only a valid electronic        apparatus or valid application software and at least recording        encrypted data to a recording medium having first information        unique thereto or reproducing encrypted data recorded on the        recording medium; and    -   a data processing apparatus for encrypting data or decrypting        encrypted data with a key generated in accordance with both the        second information stored in the recording and reproducing        apparatus and the first information unique to the recording        medium,    -   wherein the data processing apparatus is configured to send the        second information stored in the storing portion thereof to the        recording and reproducing apparatus having a revoke processing        portion for performing revocation when the second information        stored in the recording and reproducing apparatus is not        information unique to a valid electronic apparatus or valid        application software.

A thirteenth aspect of the present invention is a recording andreproducing apparatus, comprising:

-   -   at least one of a recording portion for recording encrypted data        to a recording medium on which first information for revoking an        invalid electronic apparatus, second information that is unique        to each content, third information that can be defined for each        encrypting unit, and identification data that is unique to each        stamper are recorded and a reproducing portion for reproducing        encrypted data from the recording medium;    -   a storing portion for storing fourth information uniquely        assigned to a valid electronic apparatus or valid application        software,    -   a revoke processing portion for determining whether or not the        stored fourth information is information unique to a valid        electronic apparatus or valid application software in accordance        with the first information and the fourth information; and    -   a calculating portion for obtaining intermediate key information        unique to each recording medium in accordance with the first        information, the fourth information, the second information, and        the identification data when the revoke processing portion has        determined that the fourth information is information unique to        a valid electronic apparatus or valid application software.

According to the present invention, second information for example adevice key uniquely assigned to a valid electronic apparatus or validapplication software is stored in a recording and reproducing apparatus.Thus, the device key cannot be read from the outside of the recordingand reproducing apparatus. An application that is installed in a dataprocessing apparatus does not need to have data of a copyrightprotection technology. Thus, the software can withstand an analysis ofreverse engineering. As a result, the safety of the copyright protectiontechnology can be secured. In addition, to allow a recording andreproducing apparatus to validly deal with a recording medium, since theapparatus needs to have secret information of a copyright protectiontechnology such as a device key, a clone apparatus that pretends to be avalid apparatus without having a valid license can be prevented frombeing produced.

According to the present invention, a part of an algorithm of acopyright protection technology for example a calculation of a mediumunique key is implemented in a recording and reproducing apparatus. As aresult, an application that is installed in a data processing apparatusneeds to have only a part of the algorithm of the copyright protectiontechnology, the application can withstand an analysis of reverseengineering. Thus, the safety of the copyright protection technology canbe secured.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is a block diagram describing a proposed system comprising arecorder, a player, and a DVD medium.

FIG. 2 is a block diagram describing a PC based DVD medium recording andreproducing system.

FIG. 3 is a schematic diagram describing processes for a DVD drive 4 anda host 5 of the system shown in FIG. 2.

FIG. 4 is a flow chart describing an authenticating operation of thesystem shown in FIG. 2.

FIG. 5 is a block diagram showing a PC based DVD medium recording andreproducing system according to a first embodiment of the presentinvention.

FIG. 6 is a schematic diagram describing processes for a DVD drive 4 anda host 5 according to the first embodiment of the present invention.

FIG. 7 is a block diagram showing a PC based DVD medium recording andreproducing apparatus according to a second embodiment of the presentinvention.

FIG. 8 is a block diagram showing a PC based DVD medium recording andreproducing system according to a third embodiment of the presentinvention.

FIG. 9 is a schematic diagram describing processes for a DVD drive 4 anda host 5 according to the third embodiment of the present invention.

FIG. 10 is a block diagram showing a PC based DVD medium recording andreproducing system according to a fourth embodiment of the presentinvention.

FIG. 11 is a schematic diagram describing processes for a DVD drive 4and a host 5 of the fourth embodiment of the present invention.

FIG. 12 is a block diagram showing a PC based DVD medium recording andreproducing system according to a fifth embodiment of the presentinvention.

FIG. 13 is a block diagram showing a PC based DVD medium recording andreproducing system according to a sixth embodiment of the presentinvention.

FIG. 14 is a schematic diagram describing processes for a DVD drive 4and a host 5 according to the sixth embodiment of the present invention.

FIG. 15 is a block diagram showing a PC based DVD medium recording andreproducing system according to a seventh embodiment of the presentinvention.

FIG. 16 is a schematic diagram describing processes for a DVD drive 4and host 5 according to the seventh embodiment of the present invention.

FIG. 17 is a block diagram showing a PC based writable medium recordingand reproducing system according to an eighth embodiment of the presentinvention.

FIG. 18 is a block diagram showing a PC based ROM type mediumreproducing system according to a ninth embodiment of the presentinvention.

BEST MODES FOR CARRYING OUT THE INVENTION

For easy understanding of the present invention, first of all, withreference to FIG. 1, a copyright protection technology for example anarchitecture of the CPRM for DVDs will be described. In FIG. 1,reference numeral 1 represents for example a recordable DVD medium suchas DVD-R/RW or DVD-RAM based on the CPRM standard. Reference numeral 2represents for example a recorder based on the CPRM standard. Referencenumeral 3 represents for example a player based on the CPRM standard.The recorder 2 and the player 3 are each an apparatus or applicationsoftware.

In a blank state of the DVD medium 1, in areas called BCA (Burst CuttingArea) or NBCA (Narrow Burst Cutting Area) of a lead-in area on theinnermost periphery side of the DVD medium 1, a medium ID 11 isrecorded. In an emboss or pre-recorded data zone of the lead-in area, amedium key block (hereinafter sometimes abbreviated as MKB) 12 ispre-recorded. The medium ID 11 is a number that is unique to each mediumfor example disc. The medium ID 11 is composed of a medium manufacturercode and a serial number. The medium ID 11 is required when a medium keyis converted into a medium unique key that is unique to each medium. Amedium key block MKB is a bundle of keys to obtain a medium key andrevoke the apparatus. The medium ID and medium key block are firstinformation unique to the recording medium.

In a data rewritable or recordable region of the disc 1, an encryptedcontent 13 that is encrypted with a content key is recorded. As anencrypting system, C2 (Cryptomeria Ciphering) is used.

On the DVD medium 1, an encrypted title key 14 and a CCI (Copy ControlInformation) 15 are recorded. The encrypted title key 14 is encryptedtitle key information. The title key information is key information thatis added for each title. The CCI is copy control information such ascopy no more, copy once, copy free, or the like.

The recorder 2 comprises structural elements that are a device key 21, aprocess MKB 22, a C2_G 23, a random number generator 24, a C2_E 25, aC2_G 26, and a C2_ECBC 27. The player 3 comprises structural elementsthat are a device key 31, a process MKB 32, a C2_G 33, a C2_D 35, a C2_G36, and a C2_DCBC 37.

The device keys 21 and 31 are identification numbers issued for eachapparatus maker or each application software vendor. A device key isinformation unique to a valid electronic apparatus or valid applicationsoftware assigned by a licenser. The MKB 12 and the device key 21reproduced from the DVD medium 1 are calculated by the process MKB 22 soas to determine whether or not the electronic apparatus or applicationsoftware has been revoked. Like the recorder 2, in the player 3, the MKB12 and the device key 31 are calculated b the process MKB 32 so as todetermine whether or not the player 3 has been revoked.

The processes MKB 22 and 32 each calculate a medium key with the MKB 12and the device keys 21 and 31. When the MKB 12 does not contain a devicekey of the recorder 2 or the player 3 and the calculated result matchesa predetermined value for example 0, it is determined that the recorder2 or player 3 that has the device key is not valid. In other words, therecorder 2 or player 3 is revoked.

The C2_G 23 and the C2_G 33 are processes each of which calculates amedium key and a medium ID and obtains a medium unique key.

The random number generator (RNG) 24 is used to generate a title key. Atitle key generated by the random number generator 24 is input to theC2_E 25. The title key is encrypted with a medium unique key. Theencrypted title key 14 is recorded on the DVD medium 1.

In the player 3, the encrypted title key 14 and the medium unique keyreproduced from the DVD medium 1 are supplied to the C2_D 35. Theencrypted title key is decrypted with the medium unique key. As aresult, the title key is obtained.

In the recorder 2, the CCI and the title key are supplied to the C2_G26. The C2_G 26 obtains a content key. The content key is supplied tothe C2_ECBC 27. The C2_ECBC 27 encrypts a content with the content key.The encrypted content 13 is recorded on the DVD medium 1.

In the player 3, the CCI and the title key are supplied to the C2_G 36.The C2_G 36 obtains a content key. The content key is supplied to theC2_DCBC 37. The encrypted content 13 reproduced from the DVD medium 1 isdecrypted with the content key.

In the structure shown in FIG. 1, a recording process for the recorder 2will be described. The recorder 2 reads the MKB 12 from the DVD medium1. The process MKB 22 calculates the device key 21 and the MKB 12 andobtains a medium key. When the calculated result matches a predeterminedvalue, it is determined that the device key 21 (the apparatus orapplication of the recorder 2) has been revoked by the MKB. At thatpoint, the recorder 2 stops the current process and prohibits a contentfrom being recorded to the DVD medium 1. If the value of the medium keydoes not match the predetermined value, the recorder 2 continues thecurrent process.

The recorder 2 reads the medium ID 11 from the DVD medium 1 and inputsthe medium ID and the medium key to the C2_G 23. The C2_G 23 calculatesthe medium ID and the medium key and obtains a medium unique key that isunique to each medium. The title key generated by the random numbergenerator 24 is encrypted by the C2_E 25. The encrypted title key 14 isrecorded on the DVD medium 1. The title key and the CCI information ofthe content are calculated by the C2_G 26. As a result, the C2_G 26obtains a content key. The C2_ECBC 27 encrypts the content with thecontent key. The encrypted content 13 and the CCI 15 are recorded on theDVD medium 1.

Next, a reproducing process of the player 3 will be described. First ofall, the MKB 12 is read from the DVD medium 1. The device key 31 and theMKB 12 are calculated so as to determine whether or not the device key31 has been revoked. When the device key 31 namely the apparatus orapplication of the player 3 has not been revoked, a medium unique key iscalculated with the medium ID. With the encrypted title key 14 and themedium unique key, a title key is calculated. The title key and the CCI15 are input to the C2_G 36. As a result, a content key is obtained. Thecontent key is input to the C2_DCBC 37. The C2_DCBC 37 calculates theencrypted content 13 reproduced from the DVD medium 1 with the contentkey. As a result, the encrypted content 13 is decrypted.

To obtain a content key necessary for decrypting a content, a uniquemedium ID is required for each DVD medium. Thus, even if an encryptedcontent on a medium is copied to another medium, since the medium ID ofthe other medium is different from the medium ID of the original medium,the copied content cannot be decrypted. As a result, the copyright ofthe content can be protected.

The structure shown in FIG. 1 is a recording and reproducing apparatus.The present invention is applied to the case that the content protectingprocess for the DVD medium 1 is performed under a PC environment. Next,with reference to FIG. 2, roles shared by a PC and a drive according toa conventional system will be described. In FIG. 2, reference numeral 4represents a DVD drive as a recording and reproducing apparatus thatrecords and reproduces a content to and from a DVD medium 1 based on theforegoing CPRM standard will be described.

Reference numeral 5 represents a host for example a PC as a dataprocessing apparatus. The host 5 is an apparatus or application softwarethat can handle a content that can be recorded to the DVD medium 1 andreproduced therefrom and that is connected to the DVD drive 4. The host5 is composed of for example application software and a PC in which theapplication software is installed.

The DVD drive 4 and the host 5 are connected with an interface 4 a. Theinterface 4 a is for example ATAPI (AT Attachment with PacketInterface), SCSI (Small Computer System Interface), USB (UniversalSerial Bus), IEEE (Institute of Electrical and Electronics Engineers)1394, or the like.

On the DVD medium 1, a medium ID 11, a medium key block 12, and a ACC(Authentication Control Code) are pre-recorded. The ACC is data recordedon the DVD medium 1. The ACC causes the DVD drive 4 and the host 5 toauthenticate each other uniquely for each DVD medium 1.

The DVD drive 4 reads an ACC 16 from the DVD medium 1. The ACC 16 thatis read from the DVD medium 1 is input to an AKE (Authentication and KeyExchange) 41 of the DVD drive 4. In addition, the ACC 16 is transferredto the host 5. The host 5 inputs the received ACC to an AKE 51. The AKEs41 and 51 exchange random number data and generates a common session key(referred to as bus key) that varies in each authenticating operationwith the exchanged random numbers and the value of the ACC.

The bus key is supplied to MAC (Message Authentication Code) calculatingblocks 42 and 52. The MAC calculating blocks 42 and 52 are processesthat calculate a medium ID and a MAC of the medium key block 12 with theobtained bus keys as parameters obtained by the AKEs 41 and 51. The host5 uses the MAC calculating blocks 42 and 52 so as to determine whetheror not the MKB and medium ID have integrity.

A comparing portion 53 of the host 5 compares the MACs calculated by theMACs 42 and 52 and determines whether or not they match. When the valuesof the MACs match, it is confirmed that the MKB and the medium ID haveintegrity. A switch SW1 is controlled in accordance with the comparedoutput.

The switch SW1 turns on/off a signal path between a recording path or areproducing path of the DVD medium 1 of the DVD drive 4 and anencrypting/(or) decrypting module 54 of the host 5. The switch SW1represents on/off of the signal path. Actually, the switch SW1represents that when the signal path is turned on, the process of thehost 5 is continued and that when the signal path is turned off, theprocess of the host 5 is stopped. The encrypting/decrypting module 54 isa calculating block that calculates a content key with a medium uniquekey, an encrypted title key, and a CCI, encrypts a content with thecontent key, obtains an encrypted content 13 or decrypts the encryptedcontent 13 with the content key.

A medium unique key calculating block 55 is a calculating block thatcalculates a medium unique key with the MKB 12, the medium ID, and adevice key 56. Like the recorder or player shown in FIG. 1, the mediumunique key calculating block 55 calculates a medium key with the devicekey and the MKB 12. The medium unique key calculating block 55calculates a medium unique key with the medium key and the medium IC 11.When the medium key is a predetermined value, it is determined that theelectronic apparatus or application software is not valid. As a result,the electronic apparatus or application software is revoked. Thus, themedium unique key calculating block 55 also functions as a revokeprocessing portion that revokes the electronic apparatus or applicationsoftware.

When a content is recorded, if the result of the comparing portion 53has confirmed integrity, the switch SW1 is turned on. At that point, theencrypted content 13, the encrypted title key 14, and the CCI 15 aresupplied from the encrypting/decrypting module 54 to the DVD drive 4through the switch SW1. As a result, the encrypted content 13, theencrypted title key 14, and the CCI 15 are recorded to the DVD medium 1.When a content is reproduced, if the result of the comparing portion 53has confirmed integrity, the SW1 is turned on. At that point, theencrypted content 13, the encrypted title key 14, and the CCI 15reproduced from the DVD medium 1 are supplied to theencrypting/decrypting module 54 through the switch SW1. Theencrypting/decrypting module 54 decrypts the encrypted content.

FIG. 3 shows steps of a process for exchanging signals among the DVDmedium 1, the DVD drive 4, and the host 5 in the system using the DVDmedium under the conventional PC environment shown in FIG. 2. The host 5sends a command to the DVD drive 4. The DVD drive 4 performs anoperation in accordance with the command.

In response to the command received from the host 5, the ACC of the DVDmedium 1 is sought and read (at step S1). At the next step S2, the ACCis input to the AKE 41. In addition, the ACC is transferred to the host5. In the host 5, the received ACC is input to the AKE 51. The AKEs 41and 51 exchange random number data. The AKEs 41 and 51 generate a buskey as a session key that varies in each session with the exchangedrandom numbers and the value of the ACC 16. The bus key is shared by theDVD drive 4 and the host 5. When a mutual authentication has not beensuccessful, the process is stopped.

Whenever the power is turned on or off or the disc is changed, anauthenticating operation is performed. When a recording operation isperformed with the recording button or a reproducing operation isperformed with the play button, an authenticating operation may beperformed. For example, when the record button or play button ispressed, an authenticating operation is performed.

When authentication has been successful, at step S3, the host 5 requeststhe DVD drive 4 to read a MKB (medium key block) pack #0 from the DVDmedium 1. MKB pack 0 to pack 15 of 16 sectors are recorded repeatedly 12times in the lead-in area. The error correction code encoding process isperformed in the unit of one pack.

At step S4, the DVD drive 4 reads the MKB pack #0. At step S5, the pack#0 is read. The DVD drive 4 returns a modified MKB to the host 5 (atstep S6). When the DVD drive 4 reads an MKB, the DVD drive 4 calculatesa MAC value with a bus key as a parameter, adds the MAC value to theMKB, and transfers the resultant data to the host 5. At steps S7 and S8,the requesting operation, the reading operation, and the transferringoperation are repeatedly performed for the remaining MKB packs otherthan the pack #0 namely until for example the pack #15 is read andtransferred to the host 5.

The host 5 requests a medium ID of the DVD drive 4. The DVD drive 4reads the medium ID from the DVD medium 1. At step S11, the medium ID isread. When the DVD drive 4 reads the medium ID from the DVD medium 1,the DVD drive 4 calculates the MAC value with the bus key as aparameter. At step S12, the DVD drive 4 adds a MAC value m1 to themedium ID and transfers the resultant data to the host 5.

The host 5 calculates the MAC value with parameters of the MKB 12received from the DVD drive 4 and the bus key received from the mediumID 11. The comparing portion 53 compares the calculated MAC value withthe MAC value received from the DVD drive 4. When they match, the host 5determines that the received MKB and medium ID are valid and turns onthe switch SW1 so as to cause the process to advance. In contrast, whenthey do not match, the host 5 determines that the received MKB andmedium ID have been revoked and turns off the switch SW1 so as to causethe process to stop.

At step S13, the host 5 requests an encrypted content of the DVD drive4. At step S14, the DVD drive 4 reads the encrypted content from the DVDdrive 4. At step S13, the encrypted content is transferred to the host5. The medium unique key calculating block 55 of the host 5 calculates amedium unique key with the device key 56, the MKB 12, and the medium ID11. The medium unique key is supplied to the encrypting/decryptingmodule 54. The encrypting/decrypting module 54 obtains a content keywith the encrypted title key 14 and the CCI 15. Theencrypting/decrypting module 54 decrypts the encrypted content that isread from the DVD medium 1 with the content key. Theencrypting/decrypting module 54 encrypts a content that is recorded tothe DVD medium 1.

At step ST1 of a flow chart shown in FIG. 4, a MAC calculated valueobtained with a bus key as a parameter by the MAC calculating block 42is compared with a MAC calculated value obtained with a bus key as aparameter by the comparing portion 53. When they match, at step ST2, theswitch SW1 is turned on. When they do not match, at step ST3, the switchSW1 is turned off and the process is stopped.

FIG. 5 shows a first embodiment of the present invention applied to thePC environment shown in FIG. 2. According to the first embodiment, adevice key that is secret information of the host 5 side is stored onthe DVD drive 4 side. As described above, the device key is informationthat is used to perform a revoking operation and obtain a medium key.

In FIG. 5, reference numeral 46 is a device key stored on the DVD drive4 side. To securely transmit the device key 46 to the host 5, the devicekey 46 is input to an encrypting portion for example a DES (DataEncryption Standard) encryptor 47. The DES encryptor 47 encrypts thedevice key 46 with the bus key. The encrypted device key is transferredto the host 5 through a drive—host interface 4 a.

The encrypted device key is input to a DES decryptor 57 through a switchSW2 that is turned on only when both MAC values match in a comparingportion 53, namely integrity is confirmed. In FIG. 5, the switch SW2represents on/off of a signal path. Actually, like the switch SW1, theswitch SW2 represents that when the switch SW2 is turned on, the processof the host 5 is continued and that when the switch SW2 is turned off,the process of the host 5 is stopped. A bus key is supplied to the DESdecryptor 57. The DES decryptor 57 decrypts the device key.

The decrypted device key is supplied to the medium unique keycalculating block 55. The medium unique key calculating block 55calculates a medium unique key with the MKB 12, the medium ID, and thedevice key 46. The medium unique key calculating block 55 calculates amedium key with the MKB 12 and the device key 46. The medium unique keycalculating block 55 calculates a medium unique key with the medium IDand the medium key. When the medium key calculated by the medium uniquekey calculating block 55 is a predetermined value, the device key,namely the DVD drive 4 is revoked and the process of the DVD drive 4 isstopped. The medium unique key calculating block 55 has a function ofthe revoke processing portion.

The medium unique key is supplied to the encrypting/decrypting module54. The encrypting/decrypting module 54 obtains a content key with theencrypted title key 14 and the CCI 15. The encrypting/decrypting module54 decrypts an encrypted content that is read from the DVD medium 1 withthe content key. The encrypting/decrypting module 54 encrypts a contentthat is recorded on the DVD medium 1.

FIG. 6 shows steps of a process according to the first embodiment. Sincea process for seeking and reading an ACC (at step S21) to a process forreturning a medium ID and an m1 (at step S32) are the same as thoseshown in FIG. 3, their processes will be described in brief. At stepS21, an ACC is sought and read. At step S22, when authentication hasbeen successful, a bus key as a session key varies in eachauthentication is generated.

At step S23, the host 5 requests the DVD drive 4 to read an MKB (MediumKey Block) pack #0. At step S24, the DVD drive 4 reads the MKB pack #0.At step S25, the pack #0 is read. When the DVD drive 4 reads the MKB,the DVD drive 4 calculates a MAC value with a bus key as a parameter andreturns data of which the MAC value is added to the MKB (modified MKB)to the host 5 at step S26. At steps S27 and S28, the requestingoperation, the reading operation, and the transferring operation areperformed for a remaining MKB pack other than the pack #0.

The host 5 requests a medium ID of the DVD drive 4 (at step S29). TheDVD drive 4 reads the medium ID (at step S30). At step S31, the mediumID is read. When the DVD drive 4 reads the medium ID, the DVD drive 4calculates the MAC value with the bus key as a parameter. At step S32,the DVD drive 4 adds an MAC value m1 to the medium ID and transfers theresultant data to the host 5.

The host 5 calculates a MAC value once again with the MKB 12 and themedium ID 11 received from the DVD drive 4 and the bus key asparameters. When the calculated MAC value matches the MAC value receivedfrom the DVD drive 4, the host 5 determines that the received MKB andmedium ID are valid and turns on the switch SW1 so as to causes theprocess to advance. In contrast, when they do not match, the host 5determines that the received MKB and medium ID were tampered and turnsoff the switch SW1 so as to cause the process to stop.

At step S33, the host 5 requests a device key of the DVD drive 4. TheDVD drive 4 causes the DES encryptor 47 to encrypt the device key 46 andsends the encrypted device key to the host 5 (at step S34). The host 5causes the DES decryptor 57 to decrypt the device key with the bus key.

At step S35, the host 5 requests an encrypted content of the DVD drive4. At step S36, the DVD drive 4 reads the encrypted content. At stepS35, the DVD drive 4 transfers the encrypted content to the host 5. Themedium unique key calculating block 55 of the host 5 calculates a mediumunique key with the device key 46, the MKB 12, and the medium ID 11. Themedium unique key is supplied to the encrypting/decrypting module 54.The encrypting/decrypting module 54 decrypts the encrypted content. Theencrypting/decrypting module 54 encrypts a content that is recorded onthe DVD medium 1.

According to the foregoing first embodiment, a device key that is secretinformation of a copyright protection technology is implemented in theDVD drive 4. For example, a device key is implemented in an LSI (LargeScale Integrated Circuit) such as a flash memory. Thus, the device keyin the LSI cannot be read from the outside of the DVD drive 4. As aresult, application software installed to the host 5 does not need tohave the secret information of the copyright protection technology.Thus, since the software can withstand an analysis using reverseengineering, the safety of the copyright protection technology can besecured.

To allow a drive to validly deal with the DVD medium 1, the driverequires the secret information of the copyright protection technology.Thus, as an effect of the present embodiment, a clone drive thatpretends to be a valid drive without having a valid license can beprevented from being produced.

FIG. 7 shows a second embodiment of the present invention applied to aPC environment. According to the second embodiment, a device key assecret information on the host 5 side is divided into two elements oneof which is stored on the DVD drive 4 side.

In FIG. 7, reference numeral 46 a represents a first half portion of adevice key stored on the DVD drive 4 side. The first half portion of thedevice key is a part of the device key that becomes a complete devicekey when the first half portion is combined with a second half portionof the device key. The first half portion 46 a of the device key isinput to an encrypting portion for example a DES encryptor 47. The DESencryptor 47 encrypts the first half portion 46 a with a bus key. Thefirst half portion of the encrypted device key is transferred to thehost 5 through a drive—host interface 4 a.

The first half portion of the encrypted device key is input to a DESdecryptor 57 through a switch SW2 that is turned on only when a match ofMAC values has been detected by a comparing portion 53. The bus key issupplied to a DES decryptor 57. The DES decryptor 57 decrypts the firsthalf portion of the device key.

Reference numeral 56 a represents a second half portion of the devicekey. The first half portion 46 a and the second half portion 56 adecrypted by the DES decryptor 57 are input to a device key combiningportion 58. When the first half portion 46 a and the second half portion56 a. are combined by the device key combining portion 58, the devicekey is obtained.

The obtained device key is supplied to a medium unique key calculatingblock 55. The medium unique key calculating block 55 calculates a mediumunique key with an MKB 12, a medium ID, and a device key 46. The mediumunique key is supplied to a encrypting/decrypting module 54. Theencrypting/decrypting module 54 obtains a content key with an encryptedtitle key 14 and a CCI 15. The encrypting/decrypting module 54 decryptsan encrypted content that is read from the DVD medium 1 with the contentkey. The encrypting/decrypting module 54 encrypts a content that isrecorded on the DVD medium 1.

The second embodiment is the same as the first embodiment except that adevice key is divided into two elements. Thus, the process of the secondembodiment is the same as that shown in FIG. 6. Thus, the illustrationof the process of the second embodiment is omitted.

According to the second embodiment, as data of a copyright protectiontechnology, a part of a device key is implemented in the drive 4. Forexample, a part of a device key is implemented in an LSI. As a result,an application that is installed in the host 5 needs to have only a partof data of the copyright protection technology. Consequently, thesoftware can withstand against an analysis using reverse engineering.Thus, the safety of the copyright protection technology can be secured.

To allow a drive to validly deal with the DVD medium 1, it needs to havesecret information of the copyright protection technology such as adevice key. Thus, as an effect of the present embodiment, a clone drivethat pretends to be as a valid drive without having a valid license canbe prevented from being produced. Only when both the first half portion46 a and the second half portion 56 a of the device key are valid, it isdetermined that the electronic apparatus or application software arevalid. Thus, a revoking process can be performed for both the DVD drive4 and the host 5.

FIG. 8 shows a third embodiment of the present invention. According tothe third embodiment, a DVD drive 4 has a device key 46. The DVD drive 4has a medium unique key calculating block represented by referencenumeral 48.

According to the third embodiment, since the DVD drive 4 has a mediumunique key calculating block 48, the DVD drive 4 does not need totransfer an MKB and a medium ID reproduced from a DVD medium 1 to a host5. As a result, an MAC calculating block, a comparing portion thatcompares calculated MAC values, and a switch that is controlled inaccordance with a compared output are omitted. In addition, a revokingprocess can be performed by only the DVD medium 1 and the DVD drive 4without the host 5.

The medium unique key calculating block 48 of the DVD drive 4 calculatesa medium unique key with a MKB 12, a medium ID, and a device key 46. Themedium unique key calculating block 48 calculates a medium key with theMKB 12 and the device key 46. In addition, the medium unique keycalculating block 48 calculates a medium unique key with the medium ID11 and the medium key. To securely transfer the medium unique key to thehost 5, the medium unique key is supplied to a DES encryptor 49. The DESencryptor 49 encrypts the medium unique key with a bus key. Theencrypted medium unique key is supplied to a DES decryptor 59 of thehost 5. The DES decryptor 59 decrypts the encrypted medium unique keywith a bus key.

The decrypted medium unique key is supplied to an encrypting/decryptingmodule 54. The encrypting/decrypting module 54 obtains a content keywith an encrypted title key 14 and a CCI 15. The encrypting/decryptingmodule 54 decrypts an encrypted content that is read from the DVD medium1 with the content key. In addition, the encrypting/decrypting module 54encrypts a content that is recorded to the DVD medium 1.

FIG. 9 shows steps of a process according to the third embodiment. Astep for seeking and reading an ACC (at step S41) to a step for readinga remaining MKB pack (at step S48) are the same as those shown in FIG.3. Thus, these steps will be described in brief.

At step S42, authentication is performed. When the authentication hasbeen successful, a bus key is generated as a session key that varies ineach authenticating operation. At step S43, the host 5 requests the DVDdrive 4 to read an MKB (Medium Key Block) pack #0. At step S44, the DVDdrive 4 reads the MKB pack #0. At step S45, the pack #0 is read. Whenthe DVD drive 4 reads the MKB, the DVD drive 4 calculates a MAC valuewith a bus key as a parameter and transfers data of which the MAC valueis added to the MKB to the host 5 at step S46. At steps S47 and S48, therequesting operation, the reading operation, and the transferringoperation are performed for a remaining MKB pack other than pack #0.

At step S49, the host 5 requests a medium unique key at step S49 of theDVD drive 4. The DVD drive 4 sends an encrypted medium unique key to thehost 5 (at step S50). The medium unique key is supplied to theencrypting/decrypting module 54. When the host 5 requests an encryptedcontent of the DVD drive 4 at step S51, the DVD drive 4 reads anencrypted content (at step S52). The encrypting/decrypting module 54decrypts the encrypted content. The encrypting/decrypting module 54encrypts a content that is recoded to the DVD medium 1.

FIG. 10 shows a fourth embodiment of the present invention. Like thethird embodiment, according to the fourth embodiment of the presentinvention, a DVD drive 4 has a medium unique key calculating block 48. Ahost 5 has a device key 56. The device key 56 is securely transferredfrom the host 5 to the DVD drive 4.

According to the fourth embodiment, since the DVD drive 4 has a mediumunique key calculating block 48, the DVD drive 4 does not need totransfer an MKB and a medium ID reproduced from a DVD medium 1 to thehost 5. As a result, an MAC calculating block, a comparing portion thatcompares calculated MAC values, and a switch controlled in accordancewith the compared output are omitted.

A device key 56 of the host 5 is supplied to a DES encryptor 59 b. TheDES encryptor 59 b encrypts the device key 56 with a bus key. Theencrypted device key is transferred to a DES decryptor 49 b of the DVDdrive 4. The DVD drive 4 decrypts the device key. The decrypted devicekey is input to a medium unique key calculating block 48.

The medium unique key calculating block 48 of the DVD drive 4 calculatesa medium unique key with the MKB 12, the medium ID, and the device key46. In other words, the medium unique key calculating block 48calculates a medium key with the MKB 12 and the device key 46. Themedium unique key calculating block 48 calculates the medium unique keywith the medium ID 11 and the medium key. The medium unique key issupplied to a DES encryptor 49 a. The DES encryptor 49 a encrypts themedium unique key with the bus key. The encrypted medium unique key issupplied to a DES decryptor 59 a of the host 5. The DES decryptor 59 adecrypts the encrypted medium unique key with the bus key.

The decrypted medium unique key is supplied to the encrypting/decryptingmodule 54. The encrypting/decrypting module 54 obtains a content keywith an encrypted title key 14 and a CCI 15. The encrypting/decryptingmodule 54 decrypts an encrypted content that is read from the DVD medium1 with the content key. The encrypting/decrypting module 54 encrypts acontent that is recorded to the DVD medium 1.

FIG. 11 shows steps of a process according to the fourth embodiment. Astep for seeking and reading an ACC (at step S61) to a step for readinga remaining MKB (at step S68) are the same as those shown in FIG. 3.Thus, these steps will be described in brief.

At step S62, authentication is performed. When the authentication hasbeen successful, a bus key as a session key that varies in eachauthenticating operation is generated. Thereafter, at step S63, the host5 requests the DVD drive 4 to read an MKB (Medium Key Block) pack #0. Atstep S64, the DVD drive 4 reads the MKB pack #0. At step S65, the pack#0 is read. When the DVD drive 4 reads the MKB, the DVD drive 4calculates an MAC value with a bus key as a parameter and transfers dataof which the MAC value is added to the MKB to the host 5. At steps S67and S68, the requesting operation, the reading operation, and thetransferring operation are performed for a remaining MKB pack other thanthe pack #0.

At step S69, the host 5 sends an encrypted device key to the DVD drive4. The DVD drive 4 calculates a medium unique key. At step S70, the host5 requests a medium unique key. The DVD drive 4 sends an encryptedmedium unique key to the host 5 (at step S71). The medium unique key issupplied to the encrypting/decrypting module 54. When the host 5requests an encrypted content of the DVD drive 4 at step 72, the DVDdrive 4 reads an encrypted content (at step S73). Theencrypting/decrypting module 54 decrypts the encrypted content. Theencrypting/decrypting module 54 encrypts a content that is recorded tothe DVD medium 1.

According to the foregoing third and fourth embodiments, a part of thealgorithm of the copyright protection technology for example acalculating portion for a medium unique key is implemented in the drive4. For example, the medium unique key calculating block 48 isimplemented in an LSI. An application that is installed to the host 5needs to have only a part of the algorithm of the copyright protectiontechnology. Thus, the software can withstand an analysis using reverseengineering. As a result, the safety of the copyright protectiontechnology can be secured.

According to the third embodiment, to allow a drive to validly deal withthe DVD medium 1, the drive needs to have secret information of thecopyright protection technology such as a device key. As a result, aclone drive that pretends to be valid drive without having a validlicense can be prevented from being produced.

FIG. 12 shows a fifth embodiment of the present invention. According tothe foregoing first to fourth embodiments, the present invention isapplied to the CPRM, which is a copyright protection technology forDVDs. In contrast, the fifth embodiment has an extended structure of thearchitecture of the CPRM shown in FIG. 2.

According to the fifth embodiment, a medium unique key calculating block61 of a host 5 is operated in accordance with a parameter A 62. Inaddition, an encrypting/decrypting module 63 is operated in accordancewith a parameter B 64. The parameter A 62 and the parameter B 64 may befixed values or data that is read from a DVD medium 1.

In the conventional CPRM, a medium key is calculated with an MKB and adevice key. A medium unique key is calculated with the medium key and amedium ID. In a system of which the CPRM is extended, these calculationsare preformed in accordance with the parameter A 62. Theencrypting/decrypting module 63 calculates a content key in accordancewith the parameter B 64. The process according to the fifth embodimentis the same as that of the conventional CPRM. Thus, the illustration ofthe process according to the fifth embodiment is omitted.

FIG. 13 shows a sixth embodiment of the present invention. The sixthembodiment has an extended structure of the architecture of theconventional CPRM. A DVD driver 4 has a device key 46, a parameter A 62,and a parameter B 64. To securely transfer the device key 46, theparameter A 62, and the parameter B 64 to the host 5, a DES encryptor 65encrypts these information with a bus key.

Encrypted data is input to a DES decryptor 66 through a switch SW3 thatis turned on when a match of MAC values has been detected by a comparingportion 53 namely, integrity has been confirmed. A bus key is suppliedto a DES decryptor 66. The DES decryptor 66 decrypts the device key, theparameter A 62, and the parameter B 64. The decrypted device key andparameter A are supplied to a medium unique key calculating block 61.The medium unique key calculating block 61 calculates a medium uniquekey with the MKB 12, the medium ID, the device key 46, and the parameterA.

The medium unique key and the parameter B are supplied to anencrypting/decrypting module 63. The encrypting/decrypting module 63obtains a content key with these data. The encrypting/decrypting module63 encrypts/decrypts a content with the content key.

FIG. 14 shows steps of a process according to the sixth embodiment. Astep for seeking and reading an ACC (at step S81) to a step forreturning a medium ID and an m1 (at step S92) are the same as those ofthe conventional CPRM. Thus, these steps will be described in brief. Atstep S81, an ACC is sought and read. At step S82, when authenticationhas been successful, a bus key as a session key that varies in eachauthenticating operation is generated.

At step S83, the host 5 requests the DVD drive 4 to read an MKB (MediumKey Block) pack #0. At step S84, the DVD drive 4 reads the MKB pack #0.At step S85, the pack #0 is read. When the DVD drive 4 reads the MKB,the DVD drive 4 calculates a MAC value with a bus key as a parameter andreturns data of which the MAC value is added to the MKB (modified MKB)to the host 5 at step S86. At steps S87 and S88, the requestingoperation, the reading operation, and the transferring operation areperformed for a remaining MKB pack other than the pack #0.

The host 5 requests a medium ID of the DVD drive 4 (at step S89). TheDVD drive 4 reads the medium ID (at step S90). At step S91, the mediumID is read. When the DVD drive 4 reads the medium ID, the DVD drive 4calculates a MAC value with a bus key as a parameter. At step S92, theDVD drive 4 adds a MAC value m1 to the medium ID and transfers theresultant data to the host 5.

The host 5 calculates a MAC value with the MKB 12 and the medium ID 11received from the DVD drive 4 and the bus key as a parameter once again.When the calculated MAC value matches the received MAC value, the host 5determines that the received MKB and medium ID are valid and turns onswitches SW1 and SW3 so as to cause the process to advance. In contrast,when they do not match, the host 5 determines that the received MKB andmedium ID have been tampered and turns off the switches SW1 and SW3 soas to cause the process to stop.

At step S93, the host 5 requests a device key, a parameter A, and aparameter B of the DVD drive 4. The DES encryptor 65 of the DVD drive 4encrypts the device key 46, the parameter A, and the parameter B andsends the encrypted data to the host 5 (at step S94). The DES decryptor66 of the host 5 decrypts the device key with the bus key.

At step S95, the host 5 requests an encrypted content of the DVD drive4. At step S96, the DVD drive 4 reads an encrypted content. At step S95,the encrypted content is transferred to the host 5. The medium uniquekey calculating block 61 of the host 5 calculates a medium unique keywith the device key 46, the MKB 12, the medium ID 11, and the parameterA. The medium unique key is supplied to the encrypting/decrypting module63. The encrypting/decrypting module 63 decrypts an encrypted content.The encrypting/decrypting module 63 encrypts a content that is recordedto the DVD medium 1.

FIG. 15 shows a seventh embodiment of the present invention. Accordingto the seventh embodiment, a DVD drive 4 has a medium unique keycalculating block 67. A host 5 has a device key 56, a parameter A 62,and a parameter B 64. The device key 56 and the parameter A 62 aresecurely transferred from the host 5 to the DVD drive 4.

According to the seventh embodiment, since the DVD drive 4 has themedium unique key calculating block 67, the DVD drive 4 does not need totransfer an MKB and a medium ID reproduced from the DVD medium 1 to thehost 5. As a result, an MAC calculating block, a comparing portion thatcompares calculated MAC values, and a switch controlled in accordancewith the compared result are omitted.

The device key 56 and the parameter A 62 of the host 5 are supplied to aDES encryptor 68. The DES encryptor 68 encrypts the device key 56 andthe parameter A 62 with a bus key. The encrypted data is transferred toa DES decryptor 69 of the DVD drive 4. The DES decryptor 69 decrypts thedevice key and the parameter A. The decrypted device key and parameter Aare input to the medium unique key calculating block 67.

The medium unique key calculating block 67 of the DVD drive 4 calculatesa medium unique key with the MKB 12, the medium ID, the device key 46,and the parameter A. The medium unique key is supplied to a DESencryptor 70. The DES encryptor 70 encrypts the medium unique key with abus key. The encrypted medium unique key is supplied to a DES decryptor71 of the host 5. The DES decryptor 71 decrypts the encrypted mediumunique key with the bus key.

The decrypted medium unique key is supplied to an encrypting/decryptingmodule 63. The encrypting/decrypting module 63 obtains a content keywith the encrypted title key 14, the CCI 15, and the parameter A. Theencrypting/decrypting module 63 decrypts an encrypted content that isread from the DVD medium 1 with the content key. Theencrypting/decrypting module 63 encrypts a content that is recorded tothe DVD medium 1.

FIG. 16 shows steps of a process according to the seventh embodiment. Astep for seeking and reading an ACC (at step S101) to a step for readinga remaining MKB pack (at step S108) are the same as those of the processof the conventional CPRM. Thus, these steps will be described in brief.

At step S102, authentication is performed. When the authentication hasbeen successful, a bus key as a session key that varies in eachauthenticating operation is generated. At step S103, the host 5 requeststhe DVD drive 4 to read an MKB (Medium Key Block) pack #0. At step S104,the DVD drive 4 reads the MKB pack #0. At step S105, the pack #0 isread. When the DVD drive 4 reads the MKB, the DVD drive 4 calculates anMAC value with a bus key as a parameter and transfers data of which theMAC value is added to the MKB to the host 5 at step S106. At steps S107and S108, the requesting process, the reading process, and thetransferring process are performed for a remaining MKB pack other thanthe pack #0.

At step S109, the host 5 sends an encrypted device key and an encryptedparameter to the DVD drive 4. At step S110, the host 5 requests a mediumunique key of the DVD drive 4. The DVD drive 4 calculates a mediumunique key. At step S111, the DVD drive 4 sends the encrypted mediumunique key to the host 5. The medium unique key is supplied to theencrypting/decrypting module 63. When the host 5 requests an encryptedcontent of the DVD drive 4 at step S112, the DVD drive 4 reads theencrypted content (at step S113). The encrypting/decrypting module 63decrypts the encrypted content. The encrypting/decrypting module 63encrypts a content that is recorded to the DVD medium 1.

Next, with reference to FIG. 17, an eighth embodiment of the presentinvention will be described. Like the foregoing third embodiment (seeFIG. 8), according to the eighth embodiment, a medium unique key isgenerated by a drive. In addition, like the fifth embodiment (see FIG.12), the sixth embodiment (see FIG. 13), and the seventh embodiment (seeFIG. 15), a content key is generated in accordance with a parameter B(extended CPRM system).

In the CPRM extended system, parameters A and B are used so as tocalculate a medium unique key and perform encrypting/decryptingoperations. These parameters may be stored on the host side or the driveside. Alternatively, the parameters may be recorded on a medium and readby the host. When the parameters A and B are exchanged through aninterface, they should be encrypted so as to securely transmit them.

In FIG. 17, reference numeral 101 represents a recordable medium. On themedium 101, an EKB 111, an encrypted disc key Em (Kd) 112, an encryptedcontent 113, a disc ID 114, and a unit key generating value Vu 115 arerecoded. Like the forgoing first to seventh embodiments, in particular,the third embodiment, a CCI is recorded in association with theencrypted content 113.

Next, terminology of key information shown in FIG. 17 will be described.

An EKB 111 is a key bundle with which a medium key Km is distributed foreach device key. The EKB 111 corresponds to a medium key block MKB ofeach of the foregoing embodiments.

A medium key Km is key information unique to each medium. When an EKBdoes not contain a medium key, it represents that a device key has beenrevoked.

A disc key Kd is key information that is unique to at least eachcontent. A disc key Kd may be unique to each master disc of a content.An encrypted disc key Em (Kd) 112 is an encrypted key of which a disckey Kd is encrypted with a medium key Km. An encrypted disc key Em (Kd)112 is recorded on the medium 101. An encrypted disc key Em (Kd) 112 isused to generate an embedded key Ke that is unique to each medium. Anencrypted disc key Em (Kd) 112 corresponds to a parameter A (that isused to generate a medium unique key in the drive 4) of the fifth toseventh embodiments.

A unit key generating value Vu 115 is a parameter that can be definedfor each encryption unit. Each encryption unit is composed of aplurality of sectors. A unit key generating value Vu 115 is used togenerate a unit key Ku with which a host 105 decrypts an encryptedcontent 113. A unit key generating value Vu 115 corresponds to aparameter B (used to encrypt/decrypt an encrypted content 13 of the host5) of the fifth to seventh embodiments.

A disc ID 114 is an ID that is unique to each stamper. A disc ID 114corresponds to a medium ID of the third embodiment.

An embedded key Ke is key information that is unique to each medium. Anembedded key Ke corresponds to a medium unique key of the thirdembodiment.

A medium key Km is obtained with a device key 146 of a drive 104 and anEKB 111 of the medium 101. A disc key Kd is obtained with a medium keyKm and an encrypted disc key Em (Kd) 112 of the medium 101. An embeddedkey Ke is obtained with a disc key Kd and a disc ID 114.

A unit key Ku is a key with which an encrypted content 113 is encryptedor decrypted. A unit key Ku is obtained with an embedded key Ke and aunit key generating value Vu. A unit key Ku corresponds to a content keyof each of the foregoing embodiments.

Next, an operation of the eighth embodiment will be described inaccordance with a flow of the process.

First of all, AKEs 141 and 151 authenticate each other. When theirauthentication has been successful, a bus key is generated. A parameter(not shown in FIG. 17) in association with the authentication issupplied to at least one of the AKEs 141 and 151.

The drive 104 reads an EKB from the medium. 101 and supplies the EKB tothe drive 104. A process EKB 122 of the drive 104 calculates the EKB andthe device key 146 received from the medium 101 and obtains a medium keyKm. When the calculated result is for example 0, the device key isrevoked. A device key 146 of the drive 104 is a key uniquely assigned toa drive of each model.

The drive 104 reads an encrypted device key Em (Kd) from the medium 101.An AES_D 123 decrypts the encrypted disc key Em (Kd) with a medium keyKm and obtains a disc key Kd. The AES (Advanced Encryption Standard) isan encrypting method adopted by the U.S. government as a new encryptionstandard as a successor of the DES.

In addition, the drive 104 reads a disc ID 115 from the medium 101. AnAES_G 148 calculates the disc ID and the disc key Kd and obtains anembedded key Ke.

After the drive 104 and the host 105 have authenticated each other and abus key has been obtained, the host 105 requests the drive 104 totransfer the embedded key Ke.

When the drive 104 transfers a Ke to the host 105 through an interface104 a, an AES encryptor 149 encrypts the Ke with a bus key. An AESdecryptor 159 of the host 105 decrypts the encrypted Ke and obtains theKe. The AES encryptor 148 and the AES decryptor 149 perform a processfor a CBC (Cipher Block Chaining) mode.

The host 105 processes a content in an encrypting unit. The host 105reads a unit key generating value Vu 115 in the encrypting unit from thedrive 104. An AES_G 158 calculates a unit key Ku with the embedded keyKe and the unit key generating value Vu.

The host 105 reads the encrypting unit of the encrypted content 113 inthe unit of sector data. The drive 104 transfers sector data, which hasbeen read, to the host 105. An encrypting/decrypting module 154 of thehost 105 decrypts the sector data with a unit key Ku of the encryptingunit.

Next, with reference to FIG. 18, a ninth embodiment of the presentinvention will be described. According to the ninth embodiment, acontent is reproduced from a ROM type medium 110 for example a ROM disc.

A content is pre-recorded on the ROM type medium 110. The host 105 doesnot need to perform an encrypting process. The host 105 has a decryptingmodule 160. An encrypted content that is read from the medium 110 isdecrypted by the decrypting module 160. The decrypting module 160obtains an AV content.

The ROM type medium 110 has a medium key Km and a disc key Kd as keyinformation unique to each content. Each content is composed of one or aplurality of encrypting units.

An embedded key generating value Ve is recorded on the medium 110. Anembedded key generating value Ve is a non-zero value recorded for eachstamper in a disc production plant (a stamper is a disc original ofwhich photoresist is developed or a first stamper produced from the discoriginal). As a physical watermark, an embedded key generating value Veis recorded on a disc by another means.

An embedded key Ke corresponds to a medium unique key of the thirdembodiment. An embedded key generating value Ve with which an embeddedkey Ke is generated is a kind of a medium ID.

According to the ninth embodiment, the same process as the eighthembodiment is performed. First of all, AKEs 141 and 151 authenticateeach other. As a result, a bus key is generated. A process EKB 122 ofthe drive 104 calculates an EKB and a device key 146 that are read. As aresult, the EKB 122 obtains a medium key Km and performs a revokingprocess. An AES_D 123 decrypts the medium key Km and obtains a disc keyKd. An AES_G 148 obtains an embedded key Ke.

An AES encryptor 149 encrypts an Ke with a bus key. An AES decryptor 159of the host 105 decrypts the encrypted Ke and obtains the Ke.

The host 105 reads a unit key generating value Vu 115 of an encryptingunit from the drive 104. An AES_G 158 calculates a unit key Ku.

A decrypting module 160 of the host 105 decrypts sector data of anencrypting unit that the host 105 requests with the unit key Ku of theencrypting unit.

According to the present invention, since information unique to anelectronic apparatus or application software that is secret informationof a copyright protection technology is implemented in the recording andreproducing apparatus, the application software installed therein doesnot need to have the secret information of the copyright protectiontechnology. Thus, the software can withstand an analysis using reverseengineering. As a result, the safety of the copyright protectiontechnology can be secured.

A device key that is information unique to an electronic apparatus orapplication software is divided into two portions that are shared by therecording and reproducing apparatus and the data processing apparatus.Thus, both the recording and reproducing apparatus and the applicationsoftware can be revoked.

According to the present invention, a part of an algorithm of acopyright protection technology, for example a calculating portion for amedium unique key is implemented in the recording and reproducingapparatus. Thus, the application software of the data processingapparatus needs to have only a part of the algorithm. As a result, thesoftware can withstand an analysis using reverse engineering.Consequently, the safety of the copyright protection technology can besecured.

Although the present invention has been shown and described with respectto a best mode embodiment thereof, it should be understood by thoseskilled in the art that the foregoing and various other changes,omissions, and additions in the form and detail thereof may be madetherein without departing from the spirit and scope of the presentinvention. For example, a device key may be divided into two portions.The drive and the host can share the divided portions. Alternatively,the drive may have a medium unique key calculating block.

When an encrypted content is exchanged through an interface, theencrypted content may be encrypted so as to securely transmit it.Although a parameter in association with authentication is supplied tothe AKE, a list that describes invalid objects or valid objects may besupplied to the AKE.

Industrial Utilization

The foregoing description exemplifies the CPRM as a copyright protectiontechnology and an extended CPRM. However, the present invention can beapplied to other than the CPRM as a copyright protection technology.Although the present invention is applied to the PC based system, itshould be noted that the present invention is not limited to a structurethat is a combination of a PC and a drive. For example, the presentinvention can be applied to a portable moving or still picture camerasystem that comprises an optical disc as a medium, a drive that drivesthe medium, and a microcomputer that controls the drive.

1. A recording and reproducing apparatus, comprising: at least one of a recording portion for recording encrypted data to a recording medium having first information that is unique thereto and a reproducing portion for reproducing encrypted data recorded on the recording medium; a storing portion for storing second information uniquely assigned to a valid electronic apparatus or valid application software; and a connecting portion for mutually authenticating a data processing apparatus for at least encrypting data or decrypting encrypted data with a key generated in accordance with both the first information unique to the recording medium and the second information stored in the storing portion.
 2. The recording and reproducing apparatus as set forth in claim 1, wherein a part of the second information is stored in the storing portion, wherein the other part of the second information is stored in the data processing apparatus, and wherein the part of the second information stored in the storing portion and the other part of the second information stored in the data processing apparatus are combined as the second information.
 3. The recording and reproducing apparatus as set forth in claim 1, wherein the data processing apparatus has a revoke processing portion for performing revocation with at least the second information stored in the storing portion and the first information unique to the recording medium when the second information stored in the storing portion is not information unique to a valid electronic apparatus or valid application software, and wherein the connecting portion is configured to send the second information stored in the storing portion to the data processing apparatus.
 4. The recording and reproducing apparatus as set forth in claim 3, wherein the second information that is sent is encrypted.
 5. The recording and reproducing apparatus as set forth in claim 1, further comprising: a revoke processing portion for performing revocation with the second information stored in the storing portion and the first information unique to the recording medium when the second information stored in the storing portion is not information unique to a valid electronic apparatus or valid application software.
 6. A recording and reproducing apparatus, comprising: at least one of a recording portion for recording encrypted data to a recording medium having first information that is unique thereto and a reproducing portion for reproducing encrypted data recorded on the recording medium; a storing portion for storing second information uniquely assigned to a valid electronic apparatus or valid application software; a connecting portion for mutually authenticating a data processing apparatus for at least encrypting data or decrypting encrypted data with a key generated in accordance with both the first information unique to the recording medium and the second information stored in the storing portion; and a revoke processing portion for performing revocation with the second information sent from the data processing apparatus through at least the connecting portion and stored in the storing portion and the first information unique to the recording medium when the second information stored in the storing portion is not information unique to a valid electronic apparatus or valid application software.
 7. The recording and reproducing apparatus as set forth in claim 6, further comprising: decrypting means for decrypting the encrypted second information.
 8. A data processing apparatus, comprising: a connecting portion for mutually authenticating a recording and reproducing apparatus for at least recording encrypted data to a recording medium having second information uniquely assigned to only a valid electronic apparatus or valid application software and first information unique thereto or reproducing encrypted data therefrom; and a processing portion for at least encrypting data or decrypting encrypted data with a key generated in accordance with both the first information unique to the recording medium and sent from the recording and reproducing apparatus through the connecting portion and the second information unique to the electronic apparatus or application software.
 9. Data processing apparatus as set forth in claim 8, wherein a part of the second information is stored in the storing portion, wherein the other part of the second information is stored in the recording and reproducing apparatus, and wherein the part of the second information stored in the storing portion and the other part of the second information stored in the data processing apparatus are combined as the second information.
 10. The data processing apparatus as set forth in claim 8, wherein the data processing apparatus has a revoke processing portion for performing revocation with both the second information sent from the recording and reproducing apparatus through the connecting portion and the first information unique to the recording medium when the second information is not information unique to a valid electronic apparatus or valid application software.
 11. The data processing apparatus as set forth in claim 10, further comprising: decrypting means for decrypting the encrypted second information.
 12. The data processing apparatus as set forth in claim 8, wherein the data processing apparatus is connected to the recording and reproducing apparatus that has a revoke processing portion for performing revocation with both the second information stored in at least the recording and reproducing apparatus and the first information unique to the recording medium when the stored second information is not information unique to a valid electronic apparatus or valid application software.
 13. A data processing apparatus, comprising: a storing portion for storing second information uniquely assigned to only a valid electronic apparatus or valid application software; a connecting portion for mutually authenticating a recording and reproducing apparatus for at least recording encrypted data to a recording medium having first information unique thereto and reproducing encrypted data recorded on the recording medium; and a processing portion for at least encrypting data or decrypting encrypted data with a key generated in accordance with both the first information unique to the recording medium and the second information stored in the storing portion, wherein the second information stored in the storing portion is sent to the recording and reproducing apparatus that has a revoke processing portion for performing revocation when the second information stored in the storing portion is not information unique to a valid electronic apparatus or valid application software.
 14. The data processing apparatus as set forth in claim 13, wherein the second information that is sent is encrypted.
 15. A recording, reproducing, and processing system, comprising: a recording and reproducing apparatus for at least recording encrypted data to a recording medium having first information that is unique thereto or reproducing encrypted data recorded on the recording medium, the recording and reproducing apparatus having second information uniquely assigned to a valid electronic apparatus or valid application software; and a data processing apparatus for at least encrypting data or decrypting encrypted data with a key generated in accordance with both the second information at least stored in the recording and reproducing apparatus and the first information unique to the recording medium.
 16. The recording, reproducing, and processing system as set forth in claim 15, wherein the data processing apparatus has a revoke processing portion for performing revocation with the first information unique to the recording medium and the second information stored in the data processing apparatus when the second information stored therein is not information that is unique to a valid electronic apparatus or valid application software.
 17. The recording, reproducing, and processing system as set forth in claim 15, wherein the recording and reproducing apparatus has a revoke processing portion for performing revocation with the first information unique to the recording medium and the second information stored in the data processing apparatus when the stored second information is not information that is unique to a valid electronic apparatus or valid application software.
 18. A recording, reproducing, and processing system, comprising: a recording and reproducing apparatus for storing second information uniquely assigned to only a valid electronic apparatus or valid application software and at least recording encrypted data to a recording medium having first information unique thereto or reproducing encrypted data recorded on the recording medium; and a data processing apparatus for encrypting data or decrypting encrypted data with a key generated in accordance with both the second information stored in the recording and reproducing apparatus and the first information unique to the recording medium, wherein the data processing apparatus is configured to send the second information stored in the storing portion thereof to the recording and reproducing apparatus having a revoke processing portion for performing revocation when the second information stored in the recording and reproducing apparatus is not information unique to a valid electronic apparatus or valid application software.
 19. A recording and reproducing apparatus, comprising: at least one of a recording portion for recording encrypted data to a recording medium on which first information for revoking an invalid electronic apparatus, second information that is unique to each content, third information that can be defined for each encrypting unit, and identification data that is unique to each stamper are recorded and a reproducing portion for reproducing encrypted data from the recording medium; a storing portion for storing fourth information uniquely assigned to a valid electronic apparatus or valid application software, a revoke processing portion for determining whether or not the stored fourth information is information unique to a valid electronic apparatus or valid application software in accordance with the first information and the fourth information; and a calculating portion for obtaining intermediate key information unique to each recording medium in accordance with the first information, the fourth information, the second information, and the identification data when the revoke processing portion has determined that the fourth information is information unique to a valid electronic apparatus or valid application software.
 20. The recording and reproducing apparatus as set forth in claim 19, further comprising: an authenticating portion for mutually authenticating a data processing apparatus for at least encrypting data or decrypting encrypted data with a key generated in accordance with the intermediate key information; and an intermediate key information encrypting portion for encrypting the intermediate key information with a bus key generated when the authentication has been successful and sending the encrypted intermediate key information to the data processing apparatus.
 21. A data processing apparatus, comprising: an authenticating portion for authenticating a recording and reproducing apparatus for at least recording and reproducing encrypted data to and from a recording medium on which fourth information uniquely assigned to a valid electronic apparatus or valid application software, first information for revoking an invalid electronic apparatus, second information unique to each content, third information that can be defined for each encrypting unit, and identification data unique to each stamper are recorded; a key information decrypting portion for receiving from the recording and reproducing apparatus intermediate key information unique to each recording medium, the intermediate key information being generated in accordance with the first information, the fourth information, the second information, and the identification data having encrypted with a bus key generated when the authentication has been successful; an encryption key generating portion for generating an encryption key with the third information received from the recording and reproducing apparatus and the decrypted intermediate key information; and an encrypting and decrypting portion for at least performing encryption with the encryption key or performing decryption with the encryption key. 